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BACKGROUND OF THE INVENTION 
10 1 . Field of the Invention 

The present invention relates to systems and methods for distributing of broadcast 
content for remote decryption and viewing. 

2. Description of the Related Art 

15 Direct broadcast satellite (DBS) systems have become commonplace in recent 

years. DBS systems have been designed to ensure that only paying subscribers receive 
program materials transmitted by service providers. Among such systems are those which 
use a conditional access module (typically in the form of a smartcard) that can be 
removably inserted into the receiver. 

20 One of the disadvantages of existing DBS receivers is that every television 

requires a separate integrated receiver/decoder (IRD) and conditional access module in 
order to receive unique programming. Moreover, each of the IRDs requires a tuner and 
conditional access module in order to receive and decrypt the programming. In addition, 
each of the IRDs would require a separate disk drive in order to provide digital video 

25 record (DVR) capabilities. All of these components drives up the cost of the IRDs. 

Currently, there is no method of a host IRD with a conditional access module 
securely sharing content one or more client IRDs without a conditional access module. 
One of the key reasons is that the prior art provides no method for the service provider to 
know of and selectively enable the authorized client IRDs. As a result, service providers 

30 had no method of preventing widespread, and possible unauthorized, distribution of their 
program materials if several IRDs are networked together. 
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The present invention describes an architecture that includes a central or host IRD 
and one or more lightweight secondary or client IRDs coupled thereto. The present 
invention also describes a method of allowing the host and client IRDs to decrypt the 
program materials using a media encryption key and pairing keys that are shared between 
5 the IRDs in the network. 

This means that the client IRDs would not require a tuner, conditional access 
module or disk drive, since the host IRD is responsible for the reception and storage of the 
program material, and the conditional access module associated with the host IRD is 
responsible for the reception of media encryption keys for program decryption by host and 
10 client IRDs. This allows distribution of the program materials throughout a household or 
other location at a significantly reduced cost as compared to other schemes, which require 
full IRDs for each individual subscriber. 

SUMMARY OF THE INVENTION 
1 5 In summary, the present invention describes a method, apparatus and article of 

manufacture for distributing program materials received from a direct broadcast satellite 
system between a host receiver and a client receiver for remote decryption. 

In this invention, encrypted program materials and media encryption keys are 
received by the host receiver from the direct broadcast satellite system, and transferred 
20 from the host receiver to the client receiver, where the client receiver decrypts the 
transferred program materials using a transferred media encryption key. 

For delayed viewing, the transferred program materials and media encryption keys 
may be stored in a large capacity storage system, such as a hard disk, at the host receiver 
or at a centralized home media storage subsystem, until requested for viewing by the 
25 client receiver. 

The transferred program materials are protected by the broadcast encryption. The 
media encryption key, received from the broadcast system by the conditional access 
module at the host receiver, is protected for transfer to the client receiver by encryption at 
the host receiver using a host-client pairing key shared between host and client. 
30 The pairing key is received from the broadcast system at both the host and client 

receivers, where the pairing key is decrypted at the host receiver using a receiver key 
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uniquely associated with the host receiver and the pairing key is decrypted at the client 
receiver using a receiver key uniquely associated with the client receiver. 

In a preferred embodiment, an encrypted version of the pairing key is received 
from the broadcast system at the host receiver and transferred to the client receiver, where 
5 it is decrypted using a receiver key uniquely associated with the client receiver. A 
differently encrypted version of the same pairing key is received from the broadcast 
system at the host receiver, and transferred to the conditional access module associated 
with the host receiver, where it is decrypted using a message decryption key uniquely 
associated with the conditional access module. 

10 The conditional access module obtains the media encryption key from data 

received by the host receiver from the broadcast system. The conditional access module 
encrypts the media encryption key using the pairing key. The encrypted media encryption 
key is transferred from the conditional access module, via the host receiver, to the client 
receiver, where it is decrypted using the pairing key. The decrypted media encryption key 

1 5 is then used by the client receiver to decrypt program materials transferred from the host 
receiver. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Referring now to the drawings in which like reference numbers represent 
20 corresponding parts throughout: 

FIG. 1 is a diagram illustrating an overview of a direct broadcast satellite system 
according to a preferred embodiment of the present invention; 

FIG. 2 is a block diagram showing a typical uplink configuration for a single 
satellite transponder, showing how program materials and program control information 
25 are uplinked to the satellite by the control center and the uplink center; 

FIG. 3 A is a diagram of a representative data stream according to the preferred 
embodiment of the present invention; 

FIG. 3B is a diagram of a representative data packet according to the preferred 
embodiment of the present invention; 
30 FIG. 4 is a simplified block diagram of an integrated receiver/decoder according to 

the preferred embodiment of the present invention; 



6 



15 



FIG. 5 is a logical flow illustrating how the host IRD and CAM are operatively 
paired according to the preferred embodiment of the present invention; 

FIG. 6 is a logical flow illustrating how the host and client IRDs are operatively 
paired according to the preferred embodiment of the present invention; and 

FIGS. 7 A and 7B are logical flows illustrating how the program materials may be 
shared between host and client IRDs according to alternative embodiments of the present 
invention. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 
In the following description, reference is made to the accompanying drawings 
which form a part hereof, and which show, by way of illustration, several embodiments of 
the present invention. It is understood that other embodiments may be utilized and 
structural changes may be made without departing from the scope of the present 
invention. 



DIRECT BROADCAST SATELLITE SYSTEM 
FIG. 1 is a diagram illustrating an overview of a direct broadcast satellite system 
100 according to a preferred embodiment of the present invention. The system 100 
includes a control center 1 02 operated by a service provider in communication with an 

20 uplink center 1 04 via a ground link 106 and with subscriber receiving stations 108 via a 
link 1 10. The control center 102 provides program materials to the uplink center 104 and 
coordinates with the subscriber receiving stations 108 to offer various services, including 
key management for encryption and decryption, pay-per-view (PPV), billing, etc. 

The uplink center 104 receives the program materials from the control center 102 

25 and, using an uplink antenna 1 12 and transmitter 1 14, transmits the program materials to 
one or more satellites 1 1 6, each of which may include one or more transponders 118. The 
satellites 1 16 receive and process this program material, and re-transmit the program 
materials to subscriber receiving stations 108 via downlink 120 using transmitter 118. 
Subscriber receiving stations 108 receive the program materials from the satellites 116 via 

30 an antenna 122, and decrypt and decode the program materials using an integrated 
receiver/decoder (IRD) 124. 
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UPLINK CONFIGURATION 
FIG. 2 is a block diagram showing a typical uplink center 104 configuration for a 
single transponder 118, showing how program materials and program control information 
5 are uplinked to the satellite 1 16 by the control center 102 and the uplink center 104. 

One or more channels are provided by program sources 200A-200C, which may 
comprise one or more video channels augmented respectively with one or more audio 
channels. 

The data from each program source 200A-200C is provided to a corresponding 

10 encoder 202A-202C, which in one embodiment comprise Motion Picture Experts Group 
(MPEG) encoders, although other encoders can be used as well. After encoding by the 
encoders 202A-202C, the output therefrom is converted into data packets by 
corresponding packetizers 204A-204C. 

In addition to the program sources 200A-200C, data source 206 and conditional 

1 5 access manager 208 may provide one or more data streams for transmission by the system 
100. The data from the data source 206 and conditional access manager 208 is provided to 
a corresponding encoder 202D-202E. After encoding by the encoders 202D-202E, the 
output therefrom is converted into data packets by corresponding packetizers 204D-204E. 
A system channel identifier (SCID) generator 210, null packet (NP) generator 212 

20 and system clock 214 provide control information for use in constructing a data stream for 
transmission by the system 100. Specifically, the packetizers 204A-204F assemble data 
packets using a system clock reference (SCR) from the system clock 214, a control word 
(CW) generated by the conditional access manager 208, and a system channel identifier 
(SCID) from the SCID generator 210 that associates each of the data packets that are 

25 broadcast to the subscriber with a program channel. 

Each of the encoders 202A-202C also accepts a presentation time stamp (PTS) 
from a multiplex controller 216. The PTS is a wrap-around binary time stamp that is used 
to assure that the video channels are properly synchronized with the audio channels after 
encoding and decoding. 

30 Finally, these data packets are then multiplexed into a serial data stream by the 

controller 2 1 6. The data stream is then encrypted by an encryption module 218, 



modulated by a modulator 220, and provided to a transmitter 222, which broadcasts the 
modulated data stream on a frequency bandwidth to the satellite 1 16 via the antenna 106. 

REPRESENTATIVE DATA STREAM 
5 FIG. 3 A is a diagram of a representative data stream 300 according to the 

preferred embodiment of the present invention. The first packet 302 comprises 
information from video channel 1 (from, for example, the first program source 200A); the 
second packet 304 comprises computer data information (from, for example, the 
computer data source 206); the third packet 306 comprises information from video 

10 channel 3 (from one of the third program source 200C); the fourth packet 308 includes 
information from video channel 1 (from the first program source 200 A); the fifth packet 
310 includes a null packet (from the NP generator 212); the sixth packet 312 includes 
information from audio channel 1 (from the first program source 200A); the seventh 
packet 314 includes information from video channel 1 (from the first program source 

15 200A); and the eighth packet 316 includes information from video channel 2 (from the 
second program source 200B). The data stream therefore comprises a series of packets 
from any one of the program and/or data sources in an order determined by the controller 
216. Using the SCID, the IRD 124 reassembles the packets to regenerate the program 
materials for each of the channels. 

20 FIG. 3B is a diagram of a representative data packet 3 1 8 according to the preferred 

embodiment of the present invention. Each data packet segment 318 is 147 bytes long, 
and comprises a number of packet segments 320-326. The first segment 320 comprises 
two bytes of information containing the SCID and flags. The SCID is a unique 12-bit 
number that uniquely identifies the channel associated with the data packet 318. The 

25 flags include 4 bits that are used to control whether the data packet 3 1 8 is encrypted, and 
what key must be used to decrypt the data packet 318. The second segment 322 is made 
up of a 4-bit packet type indicator and a 4 -bit continuity counter. The packet type 
identifies the packet as one of the four data types (video, audio, data, or null). When 
combined with the SCID, the packet type determines how the data packet 318 will be 

30 used. The continuity counter increments once for each packet type and SCID. The third 
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segment 324 comprises 127 bytes of payload data. The fourth segment 326 is data 
required to perform forward error correction on the data packet 318. 

ENCRYPTION OF PROGRAM MATERIALS 
5 As noted above, program materials are encrypted by the encryption module 218 

before transmission to ensure that they are received and viewed only by authorized IRDs 
124. The program materials are encrypted according to an encryption key referred to 
hereinafter as a control word (CW). This can be accomplished by a variety of data 
encryption techniques, including symmetric algorithms, such as the data encryption 
10 standard (DES), and asymmetric algorithms, such as the Rivest-Shamir-Adleman (RSA) 
algorithm. 

To decrypt the program material, the IRD 124 must also have access to the 
associated CW. To maintain security, the CW is not transmitted to the IRD 124 in 
plaintext. Instead, the CW is encrypted before transmission to the IRD 124. The 

15 encrypted CW is transmitted to the IRD 124 in a control word packet (CWP), i.e., a data 
packet type as described in FIG. 3B. 

In one embodiment, the data in the CWP, including the CW, is encrypted and 
decrypted via what is referred to hereinafter as an input/output (I/O) indecipherable 
algorithm. An I/O indecipherable algorithm is an algorithm that is applied to an input 

20 data stream to produce an output data stream. Although the input data stream uniquely 
determines the output data stream, the algorithm selected is such that its characteristics 
cannot be deciphered from a comparison of even a large number of input and output data 
streams. The security of this algorithm can be further increased by adding additional 
functional elements which are non-stationary (that is, they change as a function of time). 

25 When such an algorithm is provided with identical input streams, the output stream 
provided at a given point in time may be different than the output stream provided at 
another time. 

So long as the encryption module 218 and the IRD 124 share the same I/O 
indecipherable algorithm, the IRD 124 can decode the information in the encrypted CWP 
30 to retrieve the CW. Then, using the CW, the IRD 124 can decrypt the program materials 
so that it can be displayed or otherwise presented. 

10 



INTEGRATED RECEIVER/DECODER 
FIG. 4 is a simplified block diagram of an IRD 124 according to the preferred 
embodiment of die present invention. The IRD 124 includes a tuner 400, a transport and 
5 demultiplexing module (TDM) 402 that operates under the control of a microcontroller 
404 to perform transport, demultiplexing, decryption and encryption functions, a source 
decoder 406, random access memory (RAM) 408, external interfaces 410, user I/O 412, a 
conditional access module (CAM) 414, and conditional access verifier (CAV) 416. 

The tuner 400 receives the data packets from the antenna 122 and provides the 
10 packets to the TDM 402. Using the SCIDs associated with the program materials, the 
TDM 402 and microcontroller 404 reassemble the data packets according to the channel 
selected by the subscriber and indicated by the user I/O 412, and decrypt the program 
materials using the CW. 

Once the program materials have been decrypted, they are provided to the source 
1 5 decoder 406, which decodes the program materials according to MPEG or other standards 
as appropriate. The decoded program materials may be stored in the RAM 408 or 
provided to devices coupled to the IRD 124 via the external interfaces 410, wherein the 
devices coupled to the IRD 124 can include or a media storage device 418, such as a disk 
drive, a presentation device 420, such as a monitor, or a networked device, such as 
20 another IRD 124. 

The CAM 414 is typically implemented in a smartcard or similar device, which is 
provided to the subscriber to be inserted into the IRD 124. The CAM 414 interfaces with 
the CAV 416 and the TDM 402 to verify that the IRD 124 is entitled to access the 
program materials . 

25 The CW is obtained from the CWP using the CAV 416 and the CAM 414. The 

TDM 402 provides the CWP to the CAM 414 via the CAV 416. The CAfa 414 uses an 
I/O indecipherable algorithm to generate the CW, which is provided back to the TDM 
402. The TDM 402 then uses the CW to decrypt the program materials . 

In one embodiment including a plurality of networked IRDs 124, one of the IRDs 

30 124 is designated a "host IRD" (or host device) and each of the other IRDs are designated 
as a "client IRD" (or client device). In such an embodiment, the host IRD 124 includes 
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all of the components described in FIG. 4, while the client IRDs 124 are simpler and do 
not include a tuner 400, CAM 414, CAV 416, disk drive 418, or other components, in 
order to reduce the cost of the client IRD 124. The client IRD 124 can be used to request 
program materials that are received or reproduced by the host IRD 124, thus allowing 
5 program materials to be reproduced at other locations in the home. 

However, in this embodiment, there is no master-slave relationship, and all IRDs 
124 have the capability to decrypt the program materials. Moreover, the host and client 
IRDs 124 share the CW by means of a pairing key (PK) that is generated by the service 
provider for the purposes of allowing each IRD 124 to decrypt the program materials. 
10 Consequently, this allows for the distribution of broadcast content between a host IRD 
124 and one or more client IRDs 124 for remote decryption and viewing. 

OPERATIVE PAIRING THE HOST IRD AND CAM 
FIG. 5 is a logical flow illustrating how the host IRD 124 and CAM 414 are 
1 5 operatively paired according to the preferred embodiment of the present invention. 

After the subscriber has purchased and installed the host IRD 124 and associated 
hardware, the subscriber supplies a unique identifier (such as a serial number) for the host 
IRD 124 to the service provider. The unique identifier is itself uniquely associated with a 
secret receiver key (RK). This association is implemented in the IRD 124 itself, and is 
20 known to the service provider. Thereafter, the service provider determines a pairing key 
(PK), also designated as a host pairing key PKH, that will be used to encrypt 
communications between the CAM 414 and the IRD 124. 

The PK is then encrypted by the service provider using the RK, to produce an 
encrypted PK, denoted ER(PK), wherein the ER( ) indicates that RK encryption is used 
25 and the PK indicates that the PK is encrypted. A message for the CAM 414 comprising 
the PK and the ER(PK) is generated by the service provider, and the message is encrypted 
using a conditional access message encryption algorithm to produce EM(PK, ER(PK)), 
wherein the EM( ) indicates that conditional access message encryption is used and the 
PK, ER(PK) indicates that the PK, ER(PK) is encrypted. 
30 The EM(PK, ER(PK)) is then transmitted from the service provider to the host 

IRD 124 where it is received by the tuner 400 and TDM 402 (500). The TDM 402 routes 

12 
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data packets with the encrypted message EM(PK, ER(PK)) to the CAM 414 for 
decryption. 

In the CAM 414, the EM(PK,ER(PK)) is decrypted by a message decryption 
algorithm (EM DECR) 502 to produce the decrypted PK 5 which is stored in a secure 
5 memory 504 in the CAM 414. 

The ER(PK) is provided from the CAM 414 to the TDM 402, and since it is 
encrypted using the RK, it is not exposed in plaintext. (In the preferred embodiment, 
ER(PK) is delivered to the TDM 402 via the CAM 414, but alternative embodiments 
might deliver ER(PK) directly to the TDM 402.) 
1 0 In the TDM 402, the ER(PK) is decrypted by an Advanced Encryption Standard 

(AES) decryption algorithm (AES DECR) 506 using the RK 508 to produce the decrypted 
PK, which is then stored in a secure memory 510. This PK, now stored in both the IRD 
124 and the CAM 414, is used to encrypt communications between the CAM 414 and the 
IRD 124, as desired. 

15 For example, using the PK stored in 504, the CAM 414 encrypts the CW to 

produce EPK(CW), wherein the EPK( ) indicates that PK encryption is used and the C W 
indicates that the CW is encrypted. The TDM 402 decrypts the EPK(CW) received from 
the CAM 414 using the PK stored in 510. Since the EPK(CW) can only be decrypted by 
an IRD 124 that contains the appropriate PK, this cryptographically binds ("pairs") the 

20 CAM 4 1 4 and the host IRD 1 24. 

OPERATIVELY PAIRING THE HOST AND CLIENT IRDS 
FIG. 6 is a logical flow illustrating how the host and client IRDs 124 are 
operatively paired according to the preferred embodiment of the present invention. 
25 The present invention also provides for pairing between a host IRD 124 and one or 

more client IRDs 124, to ensure that program materials are never shared between the host 
IRD 124 and client IRDs 124 in plaintext. The pairing of the host IRD 124 and client 
IRDs 124 is accomplished by the use of the pairing key (PK), also designated as a client 
pairing key PKC. 

30 In one embodiment, the PKC may be the same as the pairing key used to 

operatively pair the host IRD 124 and the CAM 414, namely the host pairing key PKH, 
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and in such circumstances is simply designated as the pairing key PK. In another 
embodiment, the PKC may be different from the host pairing key PKH used to operatively 
pair the host IRD 124 and the CAM 414. Both embodiments are described in more detail 
below. 

5 As noted above, the subscriber supplies a unique identifier (such as a serial 

number) for the host IRD 124 to the service provider, wherein the unique identifier is 
associated with a secret receiver key (RK), wherein the association is implemented in the 
IRD 124 itself and is known to the service provider. 

After activating the host IRD 124, the subscriber can request the activation of 
10 additional client IRDs 124 using the same method. Consequently, the service provider 
would determine the RK for each of the client IRDs 124 as well. 

Thereafter, the service provider establishes the PKC for a particular combination 
of host and client IRDs 124. Preferably, the service provider encrypts the PKC, using an 
Advanced Encryption Standard (AES) encryption algorithm, with RKH, the RK of the 
15 host IRD 124, and RKC, the RK of the client IRD 124, thereby creating two ER(PKC) 
messages containing the encrypted PKC, i.e., ERH(PKC) for the host IRD 124 and 
ERC(PKC) for the client IRD 124. 

The service provider transmits one or more messages to the host IRD 124, as 
represented by 600, using an ID for the CAM 414 of the host IRD 124 for over-the-air 
20 addressing of the message, and specifying both a Host ID (HID) and a Client ID (CLID), 
wherein the CLID identifies the client IRDs 124 to the host IRD 124. These messages 
contain the encrypted PKC, and are then stored on disk drive 418 or other non-volatile 
memory in the host IRD 124. 

Any number of such encrypted versions of the PKC can be stored in the host IRD 
25 124. For example, there may be a different PKC for each pairing of a client IRD 124 

networked with the host IRD 124. On the other hand, a host IRD 124 may share the same 
PKC with all the client IRDs 124. Moreover, the PKC shared with all the client IRDs 124 
may itself be the PKH. 

Preferably, the host IRD 124 receives both of the ERH(PKC) and ERC(PKC) 
30 messages off-air and, at some later time, the ERC(PKC) for the client IRD 124 is obtained 
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by the client IRD 1 24 from the host IRD 124. This may occur, for example, when a client 
IRD 124 is activated or powered up. 

In the host and client IRDs 124, the ER(PKC) (which is either the ERH(PKC) or 
ERC(PKC)) is decrypted by an AES decryption algorithm (AES DECR) 602 in the TDM 
5 402 using the appropriate RK 604 (which is either the RKH or RKC), and the decrypted 
PKC is stored in a secure memory 606 in the host and client IRDs 124. 

Consequently, the service provider, through the assignment of the PKC, 
establishes a pairing relationship between the host IRD 124 and one or more client IRDs 
124 forming a network, so that the program materials are shared in secure manner within 
10 the network. 

SHARING PROGRAM MATERIALS BETWEEN HOST AND CLIENT IRDS 
FIGS. 7 A and 7B are logical flows illustrating how the program materials may be 
shared between host and client IRDs 124 according to alternative embodiments of the 
1 5 present invention. 

In the preferred embodiment of FIG. 7A, the host pairing key PKH and the client 
pairing key PKC are the same. Consequently, the host and client pairing keys are 
designated as PK in the figure. 

In the portion of FIG. 7 A labeled "Off- Air Receive," the host IRD 124 receives a 
20 data stream 700 including the program materials encrypted by the media encryption key 
CW, as well as the encrypted media encryption key EI(CW) 702 itself. The EI(CW) is 
provided, via the TDM 402, to the CAM 414, where it is decrypted by an I/O 
indecipherable decryption algorithm (EI DECR) 704. The result is the unencrypted media 
encryption key CW. 

25 The unencrypted CW is then re-encrypted by the CAM 414 using an AES 

encryption algorithm (AES ENCR) 706 with the PK 708 stored in the CAM 414 to 

produce a re-encrypted media encryption key EPK(CW). 

The re-encrypted media encryption key EPK(CW) is provided to the TDM 402, 

where it is decrypted by an AES decryption algorithm (AES DECR) 710 using the PK 712 
30 stored in the TDM 402, in order to obtain the unencrypted media encryption key CW. 

The unencrypted CW is then stored in a CW storage 714, and used when necessary by a 
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Data Encryption Standard (DES) decryption algorithm (DES DECR) 716 to decrypt the 
program material, so that the decrypted program materials can be displayed on a monitor 
420, stored on a disk drive 418, etc. 

The re-encrypted media encryption key EPK(CW) is also transmitted via 718 from 
5 the host IRD 124 to the client IRD 124. Since the program materials are encrypted with 
the CW, the client IRD 124 must be able to receive the CW from the host IRD 124 in a 
secure manner. 

In the portion of FIG. 7A labeled "Read from Host IRD and Display," the client 
IRD 124 receives 71 8 the EPK(CW) from the host IRD 124, which is then decrypted by 

10 an AES decryption algorithm (AES DECR) 720 using the PK 722. As noted above, the 
client IRD 124 had previously been provided the PK 722 by the service provider. 

After the CW is decrypted by the AES decryption algorithm 720, the CW is then 
stored in the CW storage 724 of the TDM 402 in the client IRD 124. Thereafter, the CW 
is retrieved from the CW storage 724 for use in decrypting the encrypted program 

15 materials by a DES decryption algorithm (DES DECR) 726, wherein the program 

materials are transferred 728 from the host IRD 124 to the client IRD 124 without being 
decrypted at the host IRD 124. The client IRD 124 can then display the decrypted 
program materials on a presentation device 420 coupled to the client IRD 124. 

In an alternative embodiment of FIG. 7A, the host pairing key PKH and the client 

20 pairing key PKC are different (notwithstanding the fact that the host and client pairing 

keys are designated as PK in the figure), and both the host pairing key PKH and the client 
pairing key PKC are delivered to the CAM 414 in the manner shown in FIG. 5. As a 
result, the CAM 414 encrypts the CW in accordance with the IRD 124 that requires that 
CW for program decryption, i.e., EPK(CW) is either EPKC(CW) or EPKH(CW). 

25 Moreover, the host and client IRDs 124 do not have simultaneous access to the same 

program materials, unless the CAM 414 separately encrypts EPKH(CW) and EPKC(CW) 
and delivers them to the host and client IRDs 124, respectively. Note that with multiple 
clients IRDs 1 24, the CAM 414 may need to store multiple pairing keys, or alternatively, 
the EM(PKH) and multiple EM(PKC) values, received from the broadcast datastream 

30 730, may be stored in the disk drive 418 or other non-volatile memory of the host IRD 
124, and then selectively loaded into the CAM 414. 
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In the embodiment of FIG. 7B, the host pairing key PKH and the client pairing key 
PKC are also different. Consequently, the host pairing key is designated as PKH in the 
figure and the client pairing key is designated as PKC in the figure. 

In the portion of FIG. 7B labeled "Off- Air Receive," the host IRD 124 receives a 
5 data stream 730 including the program materials encrypted by the media encryption key 
CW, as well as the encrypted media encryption key EI(CW) 732 itself. The EI(CW) is 
provided, via the TDM 402, to the CAM 414, where it is decrypted by an I/O 
indecipherable decryption algorithm (EI DECR) 734. The result is the unencrypted media 
encryption key CW. 

1 0 The unencrypted CW is then re-encrypted by the CAM 414 by an AES encryption 

algorithm (AES ENCR) 736 using the PK of the host IRD 124 stored in the CAM 414, 
which is designated PKH 738, to produce a re-encrypted media encryption key 
EPKH(CW). 

The re-encrypted media encryption key EPKH(CW) is provided to the TDM 402 

15 in the host IRD 124, where it is decrypted by an AES decryption algorithm (AES DECR) 
740 using the PK of the host IRD 124 stored in the TDM 402, which is designated PKH 
742, in order to obtain the unencrypted media encryption key CW. The unencrypted CW 
is then stored in a CW storage 744, and used when necessary by a DES decryption 
algorithm (DES DECR) 746 to decrypt the program material, so that the program 

20 materials can be displayed on a monitor 420, stored on a disk drive 418, etc. 

Since the program materials are encrypted with the CW, the client IRD 124 must 
be able to receive the CW from the host IRD 124 in a secure manner. To accomplish this 
task, the CW is encrypted in the host IRD 124 by an AES encryption algorithm (AES 
ENCR) 748 using the PK of the client IRD 124 also stored in the TDM 402, which is 

25 designated PKC 750, to produce an EPKC(CW). 

In the portion of FIG. 7B labeled "Read from Host IRD and Display," the client 
IRD 124 receives the EPKC(CW) from the host IRD 124 752, which is then decrypted by 
an AES decryption algorithm (AES DECR) 754 using the PK of the client IRD 124, 
which is designated PKC 756. As noted above, the client IRD 124 had been previously 

30 been provided the PKC 756 by the service provider. 
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After the CW is decrypted by the AES decryption algorithm 754, the CW is then 
stored in the CW storage 758 of the TDM 402 in the client IRD 124. Thereafter, the CW 
is retrieved from the CW storage 758 of the TDM 402 for use in decrypting the program 
materials by a DES decryption algorithm (DES DECR) 760, wherein the program 
5 materials are transferred in a datastream 762 from the host IRD 124 to the client IRD 124 
without being decrypted. The client IRD 124 can then display the decrypted program 
materials on a presentation device 420 coupled to the client IRD 124. 

In the above embodiments, the program materials received by the host IRD 124 
are simply relayed to the client IRD 124, with minimal processing by the host IRD 124. 

10 The program materials are only encrypted once, by the service provider, and are delivered 
to the client IRD 124 only in encrypted form, together with the CW necessary to decrypt 
the program materials. 

It should be noted that the datastream received by the host IRD 124 generally 
includes a number of multiplexed program materials from a number of program sources. 

15 In some embodiments, the received datastream is forwarded to the client IRD 124, and the 
client TDM 402 extracts the packets according to the desired program materials, before 
decryption. In other embodiments, the TDM 402 of the host IRD 124 may fully or 
partially extract the desired program materials from the received datastream, to reduce the 
transmission data-rate of the datastream transferred from the host IRD 124 to the client 

20 IRD 124. 

It should also be noted that the above description applies for immediate viewing as 
well as for delayed viewing of the program materials by the client IRD 124. For delayed 
viewing, the transferred datastream and encrypted media encryption keys or re-encrypted 
media encryption keys may be stored in a large capacity storage system, such as a disk 

25 drive 41 8, at the host IRD 124, or at a centralized home media storage subsystem 418, and 
then forwarded to the client IRD 124 when requested for viewing. For example, the 
transferred datastream and encrypted media encryption keys may be stored on the disk 
drive 418 until the program materials are requested, at which point the encrypted media 
encryption keys are decrypted by the CAM 414 and re-encrypted for delivery to the client 

30 IRD 124, as well as stored on the disk drive 41 8 for future use or replaying of the program 
materials by the host or client IRDs 124. 
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In these embodiments, no CAM 414 is required on the client IRD 124, since the 
client IRD 1 24 obtains the CW necessary for decrypting the program materials from the 
host IRD 124 in a secure manner. Also, since the client IRD 124 does not need to receive 
program materials from an off-air signal, no tuner is required in the client IRD 124. 
5 Finally, no disk drive 418 is required in the client IRD 124, since client IRDs 124 may use 
the disk drive 41 8 of the host IRD 124 as a "virtual" disk. All of this leads to greatly 
reduced cost of the client IRDs 124. 

On the other hand, because of the need to secure the program materials when they 
are transmitted over the network, the client IRD 124 requires certain decryption circuitry 

10 and secure key storage, which will generally be included in a single integrated circuit. 
Since similar circuitry is used in the host IRD 124, it is cost effective to produce and 
personalize a standard integrated circuit that will be used in host and client IRDs 124, 
rather than different integrated circuits for each type of IRD 124. In this case, the client 
IRD 124 may cost effectively contain the circuitry that performs the decryption, decoding 

1 5 and/or demultiplexing of the program materials. Rather than burden the host IRD 124 
with the role of performing these functions for all client IRDs 124, which may lead to a 
bottleneck in the host IRD 124, the client IRD 124 performs these functions in the present 
invention. This architecture enables a host IRD 124 to support a larger number of client 
IRDs 124. 

20 Note that one of the advantages to the embodiments having different values of 

PKH and PKC is that it allows the service provider and host IRD 124 to control which of 
the client IRDs 124 receives the program materials. This could be an advantage if the 
service provider wishes to have several tiers of services for the client IRDs 124. This 
could also allow subscribers to selectively control which program materials are distributed 

25 to which client IRD 124 if limits, either rating or spending, are to be set. Also, if a client 
IRD 124 is suspected of not being in the location indicated or is being used for pirating 
purposes, the distribution of program materials to that client IRD 124 could be terminated 
without disrupting services to other client IRDs 124 in the network. The disadvantage of 
this system would be the number of keys that would be required for each pairing and the 

30 bookkeeping of all of these keys. Both of these issues are not serious and could be 

overcome by careful system planning, if necessary. However, in most applications, the 
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simpler embodiment of FIG. 7A is preferred, having the same value of PKH and PKC for 
the host and clients IRDs 124 in the same home network. 

CONCLUSION 

The foregoing description of the preferred embodiment of the invention has been 
presented for the purposes of illustration and description. It is not intended to be 
exhaustive or to limit the invention to the precise form disclosed. Many modifications 
and variations are possible in light of the above teaching. 

For example, while the foregoing disclosure presents an embodiment of the 
present invention as it is applied to a direct broadcast satellite system, the present 
invention can be applied to any system that uses encryption. Moreover, although the 
present invention is described in terms of specific encryption and decryption schemes, it 
could also be applied to other encryption and decryption schemes, or to different uses of 
the specific encryption and decryption schemes. Finally, although specific hardware, 
software and logic is described herein, those skilled in the art will recognize that other 
hardware, software or logic may accomplish the same result, without departing from the 
scope of the present invention. 

It is intended that the scope of the invention be limited not by this detailed 
description, but rather by the claims appended hereto. The above specification, examples 
and data provide a complete description of the manufacture and use of the composition of 
the invention. Since many embodiments of the invention can be made without departing 
from the spirit and scope of the invention, the invention resides in the claims hereinafter 
appended. 
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